PRIVACY

Privacy Policy

How Plyrum treats account data, prompts, transcripts, model metadata and operational logs.

Updated 2026-05-13. Draft legal text for product verification; final launch requires legal review and seller details.

Data Categories

Plyrum can process account identity, model preferences, CLI transcripts, prompts, tool results, usage events, billing ledger entries and audit events.

Secrets and credentials must be stored only in configured secret channels or environment variables and must not be shown in user-visible logs.

Model Providers

When a model is selected, the required request content is sent to that model provider or OpenAI-compatible endpoint.

Routing visibility should show which provider and model were used so the user can understand where data was sent.

Sub-Processors And Data Routing

Where your data goes: when you run a model, your prompts, attached files and tool results are transmitted to the upstream provider that backs the selected model. The table below lists the providers Plyrum can route to, the base-URL host that receives the request, the jurisdiction note, and whether the host is an UNOFFICIAL RESELLER (a third-party gateway that proxies an official model API) rather than the model vendor's own endpoint.

OpenAI-compatible reseller — host api.sharesai.xyz — role: serves OpenAI-family (gpt-*) requests via an unofficial reseller gateway; jurisdiction not contractually established; RESELLER.

Anthropic/Claude reseller (RouteAI) — host hk.routeai.cc — role: serves Claude (anthropic) requests via an unofficial reseller gateway; routed via Hong Kong; RESELLER.

BuzzAI — host claude.buzz7.top — role: serves Claude-family requests via an unofficial reseller gateway; jurisdiction not contractually established; RESELLER.

Linghang API — host linghangapi.cn — role: serves multi-vendor open models (DeepSeek, GLM, Kimi, Qwen, MiniMax) via an unofficial reseller gateway; China (CN) jurisdiction; RESELLER.

New API (Aancn) — host op.aancn.cn — role: serves multi-vendor open models via an unofficial reseller gateway; China (CN) jurisdiction; RESELLER.

Timebackward — host api.timebackward.com — role: serves multi-vendor open models and media generation via an unofficial reseller gateway; jurisdiction not contractually established; RESELLER.

Fireworks AI — host api.fireworks.ai — role: official first-party inference provider for open models; United States; not a reseller.

NVIDIA — host integrate.api.nvidia.com — role: official first-party NVIDIA-hosted inference for open models; United States; not a reseller.

OpenRouter — host openrouter.ai — role: official model-routing aggregator (its own published terms); routes to multiple vendors; not a reseller of Plyrum's choosing.

Groq — host api.groq.com — role: official first-party inference provider; United States; not a reseller.

Trusted providers only: you can enable a per-request "trusted providers only" toggle (or a deployment default) that restricts selection to an allowlist of official/trusted providers and excludes the reseller hosts above. The default allowlist is fireworks, nvidia, openrouter and groq, and is configurable by the operator via PLYRUM_TRUSTED_PROVIDERS. When the toggle is on and no trusted model is available for your request, Plyrum returns a clear error instead of silently using a reseller.

These hosts are the deployment defaults and can be overridden by the operator via provider base-URL environment variables; the live routing/provider view always reflects the actual endpoint used.

Retention

Raw usage events (per-request token and cost rows) are retained in detail for 90 days, after which they are aggregated into daily per-model summaries and the raw rows are deleted. The exact window is set by the deployment (PLYRUM_USAGE_RAW_RETENTION_DAYS).

Chat attachments are removed when their chat is deleted, with a short configurable grace window (default 30 days, PLYRUM_ATTACHMENT_RETENTION_DAYS) before any detached files are swept.

Billing and tax records — wallet ledger entries, payments, refunds and fiscal receipts — are retained separately under their own statutory accounting-law retention and are NOT removed by the usage/attachment retention job.

Retention runs as a scheduled prune job. Users should be given a product path to review relevant transcripts, usage and billing records before they expire.

Launch Status

This policy text is a product draft. Production launch still requires legal review, data-processing details and public contact information.

Related Documents